FS#5913 - security vulnerability in tar

Attached to Project: Arch Linux
Opened by Roman Kyrylych (Romashka) - Wednesday, 29 November 2006, 14:29 GMT
Task Type: Bug Report
Category: Packages: Current
Status: Closed
Assigned To: Judd Vinet (judd)
Architecture: not specified
Severity: Critical
Priority: Normal
Reported Version: 0.7.2 Gimmick
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

report: http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0344.html
patch: https://savannah.gnu.org/bugs/download.php?file_id=11327
(tar-mangling.patch) keescook (2kB - text/x-patch - disable GNUTYPE_NAMES by default, add --allow-name-mangling)

exploit is available too ;)

Closed by Tobias Powalowski (tpowa)
Wednesday, 29 November 2006, 19:24 GMT
Reason for closing: Fixed
